technology transfer from security research projects
play

Technology Transfer from Security Research Projects A Personal - PowerPoint PPT Presentation

Jun 22, 2023 •363 likes •943 views

Technology Transfer from Security Research Projects A Personal Perspective N. Asokan Aalto University & University of Helsinki http://asokan.org/asokan/research Five examples Optimistic Fair Exchange Generic Authentication

  1. Technology Transfer from Security Research Projects A Personal Perspective N. Asokan Aalto University & University of Helsinki http://asokan.org/asokan/research

  2. Five examples • Optimistic Fair Exchange • Generic Authentication Architecture • Channel Binding in Protocol Composition • Secure Device Pairing • On-board Credentials 2

  3. Five examples • Optimistic Fair Exchange • Generic Authentication Architecture • Channel Binding in Protocol Composition • Secure Device Pairing • On-board Credentials 3

  4. Fair Exchange How can two mutually distrusting parties exchange digital “items” on the Internet? Existing solutions: A-item B-item A-exp B-exp B-item A-item Gradual Exchange protocols Trusted Third Party protocols 4

  5. Fair Exchange: design choices • Common case: both want to complete the exchange – design protocol that is efficient for the common case – but allows recovery in case of exceptions • Requirements – Effectiveness – Fairness – Timeliness – (Non-invasive) 5

  6. Optimistic Fair Exchange A-exp A-item B-exp B-item generate generate A- B- permit permit A- permit B- permit A-item Bob Alice B-item ? Resolve http://www.semper.org/ 6

  7. Optimistic Fair Exchange: Recovery B- A-item Resolve permit if A-item matches B-exp • extract B-item from B-permit Alice • store A-item B-item B-exp B-item extract B- permit 7

  8. Optimistic Fair Exchange A-exp A-item B-exp B-item generate generate A- B- permit permit A- permit B- permit ? Abort A-item ? Bob Resolve Alice B-item ? Resolve http://www.semper.org/ 8

  9. Optimistic Fair Exchange: Recovery A- Abort permit If not resolved , A- issue abort token permit Alice B- A-item Resolve permit If not aborted , and if A-item matches B-exp • extract B-item from B-permit Alice • store A-item B-item B-exp B-item extract Resolve for Bob is similar B- permit 9

  10. Verifiable Encryption Analogy - jewelry in a glass box: can see but can’t touch secret secret desc verifyEnc recover True/False secret 10

  11. Verifiable Encryption of discrete logs Setting: secret = s  G1, desc d = g s (in G2) Prover Verifier TTP Verifier s0  R G1, v ← g s0 s1 ← s0 – s E Ei ← Enc(ri, si), i={0,1} v, E0, E1 b b  R {0,1} s 𝑐 ← Dec( E b ) s b b s ← sb + s rb, sb b (d b . g sb = v?) && (Enc(rb, sb) = Eb?) Repeat n times (cut-and-choose) verifyEnc recover 11

  12. From Verifiable Encryptions to Permits = desc. of B-item A-exp A- = Verifiable Encryption of + A-item A-exp permit [A SW00] “ Optimistic Fair Exchange of Digital Signatures ”, JSAC 18(4 ): 593-610 (2000) 12

  13. Optimistic Fair Exchange: the aftermath • Someone has to run the Third Party – Wants to monetize every transaction! 13

  14. Verifiable Encryption of discrete logs Setting: secret = s  G1, desc d = g s (in G2) Prover Verifier TTP Verifier s0  R G1, v ← g s0 s1 ← s0 – s E Ei ← Enc(ri, si), i={0,1} v, E0, E1 b b  R {0,1} s 𝑐 ← Dec( E b ) s b b s ← sb + s rb, sb b (d b . g sb = v?) && (Enc(rb, sb) = Eb?) Repeat n times (cut-and-choose) verifyEnc recover 14

  15. Verifiable Encryption of discrete logs Setting: secret = s  G1, desc d = g s (in G2) s0  R G1, v ← g s0 E0 ← Enc(r0, s0) Cert ← Sig TTP (v, E0) Prover Verifier TTP Verifier s1 ← s0 – s v, E0,Cert E0 s0 ← Dec( E0 ) s1 s0 s ← s0 + s1 (d . g s1 = v?) && verify(Cert) Repeat n times (cut-and-choose) verifyEnc recover Pre-paid coupons bought from the TTP to be used for every optimistic transaction! 15

  16. Optimistic Fair Exchange: the aftermath • Someone has to run the Third Party  – Wants to monetize every transaction! • 15 years on, current status: – Reputation systems – In-line TTP (e.g., E-bay escrow service) 16

  17. Continuing “impact” in research circles! 17

  18. Optimistic Fair Exchange: the aftermath • Someone has to run the Third Party – Wants to monetize every transaction! • 15 years on, current status: – Reputation systems – In-line TTP (e.g., E-bay escrow service) • Impact in academia vs. real world impact • Biggest impact of SEMPER? http://logging.apache.org/log4j/2.x/ 18

  19. Optimistic Fair Exchange: lessons learned • Don’t just guess security requirements; Ask stakeholders • Desiderata for deployment and research can be different – “the more (independent) parties you require for your scheme, the less likely it will be deployed” • Capturing researcher interest (Tech transfer) Impact → / – MANETs anyone? • “90 - 10 rule” applies to deploying security – “Good enough beats perfect” 19 Skip to summary

  20. Five examples • Optimistic Fair Exchange • Generic Authentication Architecture • Channel Binding in Protocol Composition • Secure Device Pairing • On-board Credentials 20

  21. Generic Authentication Architecture Can we bootstrap a general-purpose global-scale authentication and authorization infrastructure from the existing cellular security infrastructure? • Need was evident: – “Global PKIs will not happen” • Ad-hoc bootstrapping already in use – e.g., Coke vending machine accepting payments via SMS, 1997 • Idea: Bootstrap short- lived certificates from “local PKIs” 21

  22. Bootstrapping a “local PKI” K Home Security Server Authentication & Key Global Cellular Agreement (AKA) Authentication/authorization Serving Network Infrastructure RA IK, CK CA SP IK, CK Cert D K PK D /SK D 22

  23. 3GPP “Generic Authentication Architecture” HSS Two layer architecture - Generic Bootstrapping Credential Fetching Architecture (GBA) Protocol Bootstrapping Key distribution Application - Specialized Application Protocol Server Server Servers Bootstrapping - E.g., for “subscriber Protocol certificates” Bootstrapping client Application client Application User Equipment Protocol (UE) [HLGNA 08] “ Cellular Authentication for Mobile and Internet Services ”, Wiley, 2008 Relevant 3GPP documents: E.g., [33.919], [33.220] 23

  24. GAA: the aftermath • Standardized in 3GPP – Variants: GBA and GBA_U (implemented in the smartcard, UICC) – GBA implemented for some services – none of which has taken off (e.g., Mobile TV), so far • Today’s solutions: – Bootstrapping: Facebook, Google, … • Some mobile carriers even deployed PKI-enabled SIM cards – Roaming: iPass , Shibboleth, … • Variants of the idea had more success – E.g., EAP SIM 24

  25. GAA: lessons learned • (Standardization) Politics can suffocate a good idea • “90 - 10 rule” applies to deploying security 25 Skip to summary

  26. Five examples • Optimistic Fair Exchange • Generic Authentication Architecture • Channel Binding in Protocol Composition • Secure Device Pairing • On-board Credentials 26

  27. Channel Binding in protocol composition Composing two secure authentication protocols carelessly can lead to a man-in-the-middle vulnerability • Protocol composition can ease deployment • Examples: – Server auth. using TLS + user auth. with password – Authentication for VPN access using legacy credentials – Bootstrapping a “local PKI” 27

  28. 3G AKA K K Latest SQN: SQN H Latest SQN: SQN U Serving Network Home Security Server IMSI IMSI Rand K SQN H Rand, AUTN, XRES, IK, CK XRES AUTN IK CK RAND, AUTN Rand K AUTN RES SQN IK CK STOP i f SQN  SQN U RES STOP i f RES  XRES Provides mutual authentication 28

  29. Bootstrapping certificate enrollment 1. Set up a (server-authenticated) TLS channel Serving Network Home Security RA Server IMSI IMSI 2. Run AKA Rand, AUTN, XRES, IK, CK RAND, AUTN STOP i f SQN  SQN U RES STOP i f RES  XRES Cert Request Cert Response 3. Do certificate enrollment via the (mutually) authenticated TLS channel 29

  30. Bootstrapping certificate enrollment 1. Set up a (server-authenticated) TLS channel Serving Network Home Security RA Server MitM IMSI IMSI IMSI 2. Run AKA Rand, AUTN, XRES, IK, CK RAND, AUTN RAND, AUTN STOP RES RES i f SQN  SQN U STOP i f RES  XRES Cert Request Cert Response 3. Do certificate enrollment via the (mutually) authenticated TLS channel Channel binding: Use of cryptographic binding to compose two authenticated channels [ANN03] “ Man-in-the-middle in Tunnelled Authentication Protocols ”, Security Protocols, 2003 30

  31. Channel binding: the aftermath • Fiery reception at Security Protocols workshop! – “But you are using the worst rackets in industry as a justification for what you’re doing. There are all sorts of people just generating garbage protocols, a couple of which you have already mentioned here. We’re trying to reverse their work, whereas you’re trying to advocate we use all these garbage protocols.” – For an entertaining read, see transcript of discussion during my talk at SPW ’03! • Impact in IETF – Closing down of ipsra working group; channel binding in IKEv2 – Continued attention: e.g., RFC 6813 31

  32. Channel Binding: lessons learned • Negative results are useful for security practitioners • Standardization can make a good idea see light of day • (Tech transfer) Impact Capturing researcher interest → / 32 Skip to summary

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Technology Acquisition & Transfer What is Technology Transfer ? Technology Transfer is

Technology Acquisition & Transfer What is Technology Transfer ? Technology Transfer is

7/2/2019 Technology Acquisition & Transfer What is Technology Transfer ? Technology Transfer is the process by which technology is disseminated. It involves communication of relevant knowledge by the Transferor to the Recipient.

224 views • 11 slides
Technology Transfer at U-M Accelerating the commercialization of research discoveries and

Technology Transfer at U-M Accelerating the commercialization of research discoveries and

Technology Transfer at U-M Accelerating the commercialization of research discoveries and catalyzing startup success KELLY SEXTON Associate Vice President for Research Technology Transfer and Innovation Partnerships PETER FALZON President

265 views • 12 slides
A Little Knowledge is a Dangerous Thi Thing Technology Transfer Workshops Technology Transfer

A Little Knowledge is a Dangerous Thi Thing Technology Transfer Workshops Technology Transfer

NORDUnet Nordic I nfrastructure for Research & Education A Little Knowledge is a Dangerous Thi Thing Technology Transfer Workshops Technology Transfer Workshops Training the community in new networking technologies Jerry Sobieski

660 views • 30 slides
Technology Transfer: paving the way for advanced manufacturing DYNXPERTS: Orientation to results

Technology Transfer: paving the way for advanced manufacturing DYNXPERTS: Orientation to results

Technology Transfer: paving the way for advanced manufacturing DYNXPERTS: Orientation to results & Technology Transfer Dr. Juanan Arrieta International R&D Projects Director jarrieta@ideko.es February 2015 Presentation of my

227 views • 19 slides
ACE PROJECTS PROF. L. O. ADEKOYA Intellectual Property and Technology Transfer Office (IPTTO)

ACE PROJECTS PROF. L. O. ADEKOYA Intellectual Property and Technology Transfer Office (IPTTO)

ACE PROJECTS PROF. L. O. ADEKOYA Intellectual Property and Technology Transfer Office (IPTTO) lmu.iptto@lmu.edu.ng Friday 5 th January, 2018 LANDMARK UNIVERSITY EXECUTIVE ADVANCE OMEGA SEMESTER 2017/2018 1/9/18 1 OVERVIEW 1.0 Objectives

588 views • 24 slides
By Pauline Bilodeau, M.Sc., agr. Technology Transfer Officer Agriculture and Agri-Food Canada

By Pauline Bilodeau, M.Sc., agr. Technology Transfer Officer Agriculture and Agri-Food Canada

By Pauline Bilodeau, M.Sc., agr. Technology Transfer Officer Agriculture and Agri-Food Canada Dairy Farmers of Canada Annual Dairy Policy Conference February 2011 With a simple click: Information about research projects PESAC,

226 views • 7 slides
Research as a Co-Production Activity How to increase the chance of successful transfer to

Research as a Co-Production Activity How to increase the chance of successful transfer to

Research as a Co-Production Activity How to increase the chance of successful transfer to practice: Good practices from real life projects Tony Gorschek tony.gorschek@bth.se www.gorschek.com Blekinge Institute of Technology

380 views • 21 slides
Technology Transfer or Knowledge Transfer? Russ Somma, Ph.D. SommaTech,LLC Affiliate of IPS

Technology Transfer or Knowledge Transfer? Russ Somma, Ph.D. SommaTech,LLC Affiliate of IPS

Technology Transfer or Knowledge Transfer? Russ Somma, Ph.D. SommaTech,LLC Affiliate of IPS Somerset ,New Jersey Technology Transfer or Knowledge Transfer? Lets set a time frame for our discussion. Assume the last ten years! Rationale

521 views • 33 slides
Technology and Transfer: SUNYs Integration of Transfer Policy and Technology TAAC Annual

Technology and Transfer: SUNYs Integration of Transfer Policy and Technology TAAC Annual

Technology and Transfer: SUNYs Integration of Transfer Policy and Technology TAAC Annual Conference Rosemont College, PA May 14, 2015 Christopher Hockey, Assistant Director of Student Mobility, SUNY System Administration Outline:

672 views • 44 slides
Linking Sm art Specialization with Technology Transfer in Science and Technology Park Planning

Linking Sm art Specialization with Technology Transfer in Science and Technology Park Planning

Linking Sm art Specialization with Technology Transfer in Science and Technology Park Planning EU4Innovation: Fostering Research-Industry Links 1 st October 20 18 , Tbilisi Mr. Nikos Giannoulidis Director of International Project and Innovation

299 views • 14 slides
Research and Technology Transfer at MSU A resource for creating knowledge for public benefit

Research and Technology Transfer at MSU A resource for creating knowledge for public benefit

Research and Technology Transfer at MSU A resource for creating knowledge for public benefit JACK LIPTON Founding Chair and Professor Department of Translational Neuroscience RICHARD CHYLLA Executive Director MSU Technologies Creating

345 views • 5 slides
Technology Transfer and Commercialisation 1 05/06/2015 1 Tech Transfer and Commercialisation

Technology Transfer and Commercialisation 1 05/06/2015 1 Tech Transfer and Commercialisation

Tech Transfer and Commercialisation Douglas Thompson Minsk, 27 th May 2015 douglasthompson@spi.pt Technology Transfer and Commercialisation 1 05/06/2015 1 Tech Transfer and Commercialisation 01. Technology Transfer 02. Valley of the death and

834 views • 79 slides
TITLE OF PRESENTATION Projects Request for Proposals (RFP-18-802) Name of Presenter Energy

TITLE OF PRESENTATION Projects Request for Proposals (RFP-18-802) Name of Presenter Energy

California California Energy Commission Energy Commission Research & Development Technology Transfer for EPIC Research TITLE OF PRESENTATION Projects Request for Proposals (RFP-18-802) Name of Presenter Energy Research and

497 views • 35 slides
Knowledge & Technology Transfer Status Report Claudio Parrinello Contents Impact

Knowledge & Technology Transfer Status Report Claudio Parrinello Contents Impact

Knowledge & Technology Transfer Status Report Claudio Parrinello Contents Impact viewpoint Milestones from selected projects based on CERN knowledge and technologies. Quantitative viewpoint Invention and technology disclosures,

736 views • 10 slides
Biodiversity and Ecosystem Informatics: Research, Technology Transfer, or Application

Biodiversity and Ecosystem Informatics: Research, Technology Transfer, or Application

Biodiversity and Ecosystem Informatics: Research, Technology Transfer, or Application Development? Jessie Kennedy http://www.soc.napier.ac.uk/jessie 02/12/2002 VLDB 2002 1 An ecological question What is the effect of change in

288 views • 10 slides
Prof. Dr. Ir. Bart De Moor Vice-rector International Policy The technology transfer engine Fase

Prof. Dr. Ir. Bart De Moor Vice-rector International Policy The technology transfer engine Fase

On the use of science and technology for society and defence Prof. Dr. Ir. Bart De Moor Vice-rector International Policy The technology transfer engine Fase 1 Fase 2 Direct Contract Research FFF BA/VC spinoff NV KUL Research Research

308 views • 17 slides
Outline Public key crypto Computer Security: Public Key Crypto RSA Essentials Bart Jacobs

Outline Public key crypto Computer Security: Public Key Crypto RSA Essentials Bart Jacobs

Public key crypto Public key crypto RSA Essentials RSA Essentials Public key protocols Radboud University Nijmegen Public key protocols Radboud University Nijmegen Diffie-Hellman and El Gamal Diffie-Hellman and El Gamal Outline Public key

328 views • 10 slides
Mobile Communication Prof. Dr. Michael Rohs michael.rohs@ifi.lmu.de Mobile Interaction Lab, LMU

Mobile Communication Prof. Dr. Michael Rohs michael.rohs@ifi.lmu.de Mobile Interaction Lab, LMU

MMI 2: Mobile Human- Computer Interaction Mobile Communication Prof. Dr. Michael Rohs michael.rohs@ifi.lmu.de Mobile Interaction Lab, LMU Mnchen Lectures # Date Topic 1 19.10.2011 Introduction to Mobile Interaction, Mobile Device

1.09k views • 87 slides
GSM Protocol Fuzzing and other GSM related fun Harald Welte gnumonks.org gpl-violations.org

GSM Protocol Fuzzing and other GSM related fun Harald Welte gnumonks.org gpl-violations.org

GSM Protocol Fuzzing and other GSM related fun Harald Welte gnumonks.org gpl-violations.org OpenBSC airprobe.org hmw-consulting.de 0sec conference, October 2009, Berne/Switzerland Harald Welte GSM Protocol Fuzzing Outline Harald Welte

623 views • 30 slides
DIGITAL TELEVISION DIGITAL TELEVISION Fernando Pereira Instituto Superior Tcnico Audiovisual

DIGITAL TELEVISION DIGITAL TELEVISION Fernando Pereira Instituto Superior Tcnico Audiovisual

DIGITAL TELEVISION DIGITAL TELEVISION Fernando Pereira Instituto Superior Tcnico Audiovisual Communications, Fernando Pereira, 2012 The Analogue TV World The Analogue TV World The Analogue TV World The Analogue TV World NTSC PAL SECAM

2.29k views • 186 slides
I nternet , intranet and W eb L ecture I T echnologies and protocols for application

I nternet , intranet and W eb L ecture I T echnologies and protocols for application

I nternet , intranet and W eb L ecture I T echnologies and protocols for application communications Marco Solieri marco.solieri@lipn.univ-paris13.fr Info et Rseaux en Apprentissage, Sup Galile, Paris 13 November 3 rd, 2014 O utline 1 C

811 views • 53 slides
SSC0156 Computao Pervasiva Chapter 3 Smart Devices and Services Prof. J Ueyama

SSC0156 Computao Pervasiva Chapter 3 Smart Devices and Services Prof. J Ueyama

SSC0156 Computao Pervasiva Chapter 3 Smart Devices and Services Prof. J Ueyama Ubiquitous computing: smart devices, 1 environments and interaction Related Links Basic Distributed Computer Interaction Models in this chapter are

1.64k views • 125 slides
OpenBSC network-side GSM stack running on top of Linux Harald Welte <laforge@gnumonks.org>

OpenBSC network-side GSM stack running on top of Linux Harald Welte <laforge@gnumonks.org>

GSM/3G security OpenBSC: Implementing GSM protocols Security analysis Summary OpenBSC network-side GSM stack running on top of Linux Harald Welte <laforge@gnumonks.org> gnumonks.org gpl-violations.org OpenBSC airprobe.org

653 views • 37 slides
An overview of Trust, Naming and Addressing and Establishment of security associations trust

An overview of Trust, Naming and Addressing and Establishment of security associations trust

An overview of Trust, Naming and Addressing and Establishment of security associations trust assumptions; attacker models; naming and addressing; key establishment in sensor networks; key establishment in ad hoc

505 views • 49 slides

More recommend